Comment 1 for bug 2016744

Lena Voytek (lvoytek) wrote :

Confirmed this is an issue for kinetic and jammy-proposed.

$ lxc launch ubuntu:jammy --vm test-swtpm
$ lxc exec test-swtpm bash

# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# apt update && apt dist-upgrade -y
# apt install swtpm swtpm-tools -y

# su ubuntu

$ cd
$ /usr/share/swtpm/swtpm-create-user-config-files --overwrite
Environment variable XDG_CONFIG_HOME is not set. Using ${HOME}/.config.
Writing /home/ubuntu/.config/swtpm_setup.conf.
Writing /home/ubuntu/.config/swtpm-localca.conf.
Writing /home/ubuntu/.config/swtpm-localca.options.

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as ubuntu:ubuntu @ Tue 25 Apr 2023 04:15:36 PM UTC
TPM is listening on Unix socket.
Successfully created RSA 2048 EK with handle 0x81010001.
Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Tue 25 Apr 2023 04:15:36 PM UTC

$ lxc launch ubuntu:kinetic --vm test-swtpm
$ lxc exec test-swtpm bash

# apt update && apt dist-upgrade -y
# apt install swtpm swtpm-tools -y

# su ubuntu

$ cd
$ /usr/share/swtpm/swtpm-create-user-config-files --overwrite
Environment variable XDG_CONFIG_HOME is not set. Using ${HOME}/.config.
Writing /home/ubuntu/.config/swtpm_setup.conf.
Writing /home/ubuntu/.config/swtpm-localca.conf.
Writing /home/ubuntu/.config/swtpm-localca.options.

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as ubuntu:ubuntu @ Tue 25 Apr 2023 04:07:27 PM UTC
TPM is listening on Unix socket.
Successfully created RSA 2048 EK with handle 0x81010001.
Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Tue 25 Apr 2023 04:07:28 PM UTC

Lunar, however, is working properly:
$ lxc launch ubuntu:lunar --vm test-swtpm
$ lxc exec test-swtpm bash

# apt update && apt dist-upgrade -y
# apt install swtpm swtpm-tools -y

# su ubuntu

$ cd
$ /usr/share/swtpm/swtpm-create-user-config-files --overwrite
Environment variable XDG_CONFIG_HOME is not set. Using ${HOME}/.config.
Writing /home/ubuntu/.config/swtpm_setup.conf.
Writing /home/ubuntu/.config/swtpm-localca.conf.
Writing /home/ubuntu/.config/swtpm-localca.options.

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as ubuntu:ubuntu @ Tue 25 Apr 2023 04:29:45 PM UTC
TPM is listening on Unix socket.
Successfully created RSA 2048 EK with handle 0x81010001.
  Invoking /usr/bin/swtpm_localca --type ek --ek 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 --dir /tmp/swtpm_setup.certs.CBV031 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /home/ubuntu/.config/swtpm-localca.conf --optsfile /home/ubuntu/.config/swtpm-localca.options
swtpm_localca: Creating root CA and a local CA's signing key and issuer cert.
swtpm_localca: Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created ECC EK with handle 0x81010016.
  Invoking /usr/bin/swtpm_localca --type ek --ek x=d0021840ce6fb63cffc1dea32aca965b2d6fd188ca41b204b8a4eb0a7177854b6b21f8e4f69a5fce21093cac74be4ae3,y=5ec8b20819c0e9f2890a9e408d46ceb3645b7691942efb36c0bc5206d492676e061556371d8a37db33f86e6da21c8f11,id=secp384r1 --dir /tmp/swtpm_setup.certs.CBV031 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /home/ubuntu/.config/swtpm-localca.conf --optsfile /home/ubuntu/.config/swtpm-localca.options
swtpm_localca: Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Tue 25 Apr 2023 04:29:47 PM UTC

I'll update the bug accordingly and get started on a fix for this.